CVE-2002-0495

Cgiscript Cssearch Professional < 2.3 - Code Injection

Title source: rule

Description

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Steve Gustin · textremotecgi

https://www.exploit-db.com/exploits/21354

View Code ZIP pw:eip

References (4)

[Product] http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7

[Broken Link, Patch, Vendor Advisory] http://www.iss.net/security_center/static/8636.php

[Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/archive/1/264169

[Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/4368

Scores

EPSS 0.1515

EPSS Percentile 94.5%

Classification

CWE

CWE-94

Status draft

Affected Products (1)

cgiscript/cssearch_professional < 2.3

Timeline

Published Aug 12, 2002

Tracked Since Feb 18, 2026